yangzhg opened a new issue, #12654: URL: https://github.com/apache/doris/issues/12654
### Search before asking - [X] I had searched in the [issues](https://github.com/apache/incubator-doris/issues?q=is%3Aissue) and found no similar issues. ### Version master ### What's Wrong? ``` ==18053==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7f6aa6a68681 at pc 0x55b72c2cd397 bp 0x7f6aa6a68650 sp 0x7f6aa6a67df8 WRITE of size 24 at 0x7f6aa6a68681 thread T592 (broker_scanner) #0 0x55b72c2cd396 in __interceptor_sigaltstack.part.0 (/root/boxer2/running/686863224221601792/palobe/lib/palo_be+0x2952396) #1 0x55b72c33313f in __asan::PlatformUnpoisonStacks() (/root/boxer2/running/686863224221601792/palobe/lib/palo_be+0x29b813f) #2 0x55b72c338aa4 in __asan_handle_no_return (/root/boxer2/running/686863224221601792/palobe/lib/palo_be+0x29bdaa4) #3 0x55b72b9eccd2 in __gnu_cxx::new_allocator<char>::~new_allocator() /home/disk6/palo/release/baidu/bdg/doris/ldb_toolchain/include/c++/11/ext/new_allocator.h:89 #4 0x55b72b9eccd2 in std::allocator<char>::~allocator() /home/disk6/palo/release/baidu/bdg/doris/ldb_toolchain/include/c++/11/bits/allocator.h:162 #5 0x55b72b9eccd2 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::_Alloc_hider::~_Alloc_hider() /home/disk6/palo/release/baidu/bdg/doris/ldb_toolchain/include/c++/11/bits/basic_string.h:150 #6 0x55b72b9eccd2 in std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::~basic_string() /home/disk6/palo/release/baidu/bdg/doris/ldb_toolchain/include/c++/11/bits/basic_string.h:658 #7 0x55b72b9eccd2 in doris::TPaloBrokerServiceClient::recv_openReader(doris::TBrokerOpenReaderResponse&) /home/disk6/palo/release/baidu/bdg/doris/palo-1.1/gensrc/build/gen_cpp/TPaloBrokerService.cpp:2543 #8 0x55b72f75ce17 in doris::BrokerReader::open() /home/disk6/palo/release/baidu/bdg/doris/palo-1.1/be/src/exec/broker_reader.cpp:93 #9 0x55b72f764ee7 in doris::BufferedReader::open() /home/disk6/palo/release/baidu/bdg/doris/palo-1.1/be/src/exec/buffered_reader.cpp:63 #10 0x55b72f6ae7d7 in doris::ParquetScanner::open_next_reader() /home/disk6/palo/release/baidu/bdg/doris/palo-1.1/be/src/exec/parquet_scanner.cpp:147 #11 0x55b72f6b04d5 in doris::ParquetScanner::get_next(doris::Tuple*, doris::MemPool*, bool*, bool*) /home/disk6/palo/release/baidu/bdg/doris/palo-1.1/be/src/exec/parquet_scanner.cpp:65 #12 0x55b72f5d3ac4 in doris::BrokerScanNode::scanner_scan(doris::TBrokerScanRange const&, std::vector<doris::ExprContext*, std::allocator<doris::ExprContext*> > const&, doris::ScannerCounter*) /home/disk6/palo/release/baidu/bdg/doris/palo-1.1/be/src/exec/broker_scan_node.cpp:291 #13 0x55b72f5d7741 in doris::BrokerScanNode::scanner_worker(int, int) /home/disk6/palo/release/baidu/bdg/doris/palo-1.1/be/src/exec/broker_scan_node.cpp:363 #14 0x55b736204eff in execute_native_thread_routine (/root/boxer2/running/686863224221601792/palobe/lib/palo_be+0xc889eff) #15 0x7f6dfc2acea4 in start_thread (/lib64/libpthread.so.0+0x7ea4) #16 0x7f6dfc5bf8dc in __clone (/lib64/libc.so.6+0xfe8dc) Address 0x7f6aa6a68681 is located in stack of thread T592 (broker_scanner) at offset 193 in frame #0 0x55b72d541bef in apache::thrift::protocol::TVirtualProtocol<apache::thrift::protocol::TBinaryProtocolT<apache::thrift::transport::TTransport, apache::thrift::protocol::TNetworkBigEndian>, apache::thrift::protocol::TProtocolDefaults>::readMessageBegin_virt(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >&, apache::thrift::protocol::TMessageType&, int&) /home/disk6/palo/release/baidu/bdg/doris/palo-1.1/thirdparty/installed/include/thrift/protocol/TVirtualProtocol.h:400 This frame has 7 object(s): [48, 49) '<unknown>' [64, 68) 'theBytes' [80, 84) 'theBytes' [96, 100) 'theBytes' [112, 116) 'theBytes' [128, 160) '<unknown>' [192, 193) 'b' <== Memory access at offset 193 overflows this variable HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) Thread T592 (broker_scanner) created by T122 (FragmentMgrThre) here: #0 0x55b72c2d18e1 in pthread_create (/root/boxer2/running/686863224221601792/palobe/lib/palo_be+0x29568e1) #1 0x55b736204fd5 in std::thread::_M_start_thread(std::unique_ptr<std::thread::_State, std::default_delete<std::thread::_State> >, void (*)()) (/root/boxer2/running/686863224221601792/palobe/lib/palo_be+0xc889fd5) #2 0x55b72f5d02ec in std::thread& std::vector<std::thread, std::allocator<std::thread> >::emplace_back<void (doris::BrokerScanNode::*)(int, int), doris::BrokerScanNode*, int, unsigned long>(void (doris::BrokerScanNode::*&&)(int, int), doris::BrokerScanNode*&&, int&&, unsigned long&&) /home/disk6/palo/release/baidu/bdg/doris/ldb_toolchain/include/c++/11/bits/vector.tcc:121 #3 0x55b72f5d02ec in doris::BrokerScanNode::start_scanners() /home/disk6/palo/release/baidu/bdg/doris/palo-1.1/be/src/exec/broker_scan_node.cpp:106 #4 0x55b72f5d08b5 in doris::BrokerScanNode::open(doris::RuntimeState*) /home/disk6/palo/release/baidu/bdg/doris/palo-1.1/be/src/exec/broker_scan_node.cpp:96 #5 0x55b72d83ae7a in doris::PlanFragmentExecutor::open_internal() /home/disk6/palo/release/baidu/bdg/doris/palo-1.1/be/src/runtime/plan_fragment_executor.cpp:370 #6 0x55b72d83e4bd in doris::PlanFragmentExecutor::open() /home/disk6/palo/release/baidu/bdg/doris/palo-1.1/be/src/runtime/plan_fragment_executor.cpp:261 #7 0x55b72d5d2273 in doris::FragmentExecState::execute() /home/disk6/palo/release/baidu/bdg/doris/palo-1.1/be/src/runtime/fragment_mgr.cpp:246 #8 0x55b72d5e7683 in doris::FragmentMgr::_exec_actual(std::shared_ptr<doris::FragmentExecState>, std::function<void (doris::PlanFragmentExecutor*)>) /home/disk6/palo/release/baidu/bdg/doris/palo-1.1/be/src/runtime/fragment_mgr.cpp:476 #9 0x55b72d60d59b in void std::__invoke_impl<void, void (doris::FragmentMgr::*&)(std::shared_ptr<doris::FragmentExecState>, std::function<void (doris::PlanFragmentExecutor*)>), doris::FragmentMgr*&, std::shared_ptr<doris::FragmentExecState>&, std::function<void (doris::PlanFragmentExecutor*)>&>(std::__invoke_memfun_deref, void (doris::FragmentMgr::*&)(std::shared_ptr<doris::FragmentExecState>, std::function<void (doris::PlanFragmentExecutor*)>), doris::FragmentMgr*&, std::shared_ptr<doris::FragmentExecState>&, std::function<void (doris::PlanFragmentExecutor*)>&) /home/disk6/palo/release/baidu/bdg/doris/ldb_toolchain/include/c++/11/bits/invoke.h:74 #10 0x55b72d60d59b in std::enable_if<is_invocable_r_v<void, void (doris::FragmentMgr::*&)(std::shared_ptr<doris::FragmentExecState>, std::function<void (doris::PlanFragmentExecutor*)>), doris::FragmentMgr*&, std::shared_ptr<doris::FragmentExecState>&, std::function<void (doris::PlanFragmentExecutor*)>&>, void>::type std::__invoke_r<void, void (doris::FragmentMgr::*&)(std::shared_ptr<doris::FragmentExecState>, std::function<void (doris::PlanFragmentExecutor*)>), doris::FragmentMgr*&, std::shared_ptr<doris::FragmentExecState>&, std::function<void (doris::PlanFragmentExecutor*)>&>(void (doris::FragmentMgr::*&)(std::shared_ptr<doris::FragmentExecState>, std::function<void (doris::PlanFragmentExecutor*)>), doris::FragmentMgr*&, std::shared_ptr<doris::FragmentExecState>&, std::function<void (doris::PlanFragmentExecutor*)>&) /home/disk6/palo/release/baidu/bdg/doris/ldb_toolchain/include/c++/11/bits/invoke.h:111 #11 0x55b72d60d59b in void std::_Bind_result<void, void (doris::FragmentMgr::*(doris::FragmentMgr*, std::shared_ptr<doris::FragmentExecState>, std::function<void (doris::PlanFragmentExecutor*)>))(std::shared_ptr<doris::FragmentExecState>, std::function<void (doris::PlanFragmentExecutor*)>)>::__call<void, , 0ul, 1ul, 2ul>(std::tuple<>&&, std::_Index_tuple<0ul, 1ul, 2ul>) /home/disk6/palo/release/baidu/bdg/doris/ldb_toolchain/include/c++/11/functional:570 #12 0x55b72d60d59b in void std::_Bind_result<void, void (doris::FragmentMgr::*(doris::FragmentMgr*, std::shared_ptr<doris::FragmentExecState>, std::function<void (doris::PlanFragmentExecutor*)>))(std::shared_ptr<doris::FragmentExecState>, std::function<void (doris::PlanFragmentExecutor*)>)>::operator()<>() /home/disk6/palo/release/baidu/bdg/doris/ldb_toolchain/include/c++/11/functional:629 #13 0x55b72d60d59b in void std::__invoke_impl<void, std::_Bind_result<void, void (doris::FragmentMgr::*(doris::FragmentMgr*, std::shared_ptr<doris::FragmentExecState>, std::function<void (doris::PlanFragmentExecutor*)>))(std::shared_ptr<doris::FragmentExecState>, std::function<void (doris::PlanFragmentExecutor*)>)>&>(std::__invoke_other, std::_Bind_result<void, void (doris::FragmentMgr::*(doris::FragmentMgr*, std::shared_ptr<doris::FragmentExecState>, std::function<void (doris::PlanFragmentExecutor*)>))(std::shared_ptr<doris::FragmentExecState>, std::function<void (doris::PlanFragmentExecutor*)>)>&) /home/disk6/palo/release/baidu/bdg/doris/ldb_toolchain/include/c++/11/bits/invoke.h:61 #14 0x55b72d60d59b in std::enable_if<is_invocable_r_v<void, std::_Bind_result<void, void (doris::FragmentMgr::*(doris::FragmentMgr*, std::shared_ptr<doris::FragmentExecState>, std::function<void (doris::PlanFragmentExecutor*)>))(std::shared_ptr<doris::FragmentExecState>, std::function<void (doris::PlanFragmentExecutor*)>)>&>, void>::type std::__invoke_r<void, std::_Bind_result<void, void (doris::FragmentMgr::*(doris::FragmentMgr*, std::shared_ptr<doris::FragmentExecState>, std::function<void (doris::PlanFragmentExecutor*)>))(std::shared_ptr<doris::FragmentExecState>, std::function<void (doris::PlanFragmentExecutor*)>)>&>(std::_Bind_result<void, void (doris::FragmentMgr::*(doris::FragmentMgr*, std::shared_ptr<doris::FragmentExecState>, std::function<void (doris::PlanFragmentExecutor*)>))(std::shared_ptr<doris::FragmentExecState>, std::function<void (doris::PlanFragmentExecutor*)>)>&) /home/disk6/palo/release/baidu/bdg/doris/ldb_toolchain/include/c++/11/bits/invoke.h:111 #15 0x55b72d60d59b in std::_Function_handler<void (), std::_Bind_result<void, void (doris::FragmentMgr::*(doris::FragmentMgr*, std::shared_ptr<doris::FragmentExecState>, std::function<void (doris::PlanFragmentExecutor*)>))(std::shared_ptr<doris::FragmentExecState>, std::function<void (doris::PlanFragmentExecutor*)>)> >::_M_invoke(std::_Any_data const&) /home/disk6/palo/release/baidu/bdg/doris/ldb_toolchain/include/c++/11/bits/std_function.h:291 #16 0x55b72dd1d9ed in std::function<void ()>::operator()() const /home/disk6/palo/release/baidu/bdg/doris/ldb_toolchain/include/c++/11/bits/std_function.h:560 #17 0x55b72dd1d9ed in doris::FunctionRunnable::run() /home/disk6/palo/release/baidu/bdg/doris/palo-1.1/be/src/util/threadpool.cpp:42 #18 0x55b72dd1d9ed in doris::ThreadPool::dispatch_thread() /home/disk6/palo/release/baidu/bdg/doris/palo-1.1/be/src/util/threadpool.cpp:570 #19 0x55b72dd2100b in void std::__invoke_impl<void, void (doris::ThreadPool::*&)(), doris::ThreadPool*&>(std::__invoke_memfun_deref, void (doris::ThreadPool::*&)(), doris::ThreadPool*&) /home/disk6/palo/release/baidu/bdg/doris/ldb_toolchain/include/c++/11/bits/invoke.h:74 #20 0x55b72dd2100b in std::__invoke_result<void (doris::ThreadPool::*&)(), doris::ThreadPool*&>::type std::__invoke<void (doris::ThreadPool::*&)(), doris::ThreadPool*&>(void (doris::ThreadPool::*&)(), doris::ThreadPool*&) /home/disk6/palo/release/baidu/bdg/doris/ldb_toolchain/include/c++/11/bits/invoke.h:96 #21 0x55b72dd2100b in void std::_Bind<void (doris::ThreadPool::*(doris::ThreadPool*))()>::__call<void, , 0ul>(std::tuple<>&&, std::_Index_tuple<0ul>) /home/disk6/palo/release/baidu/bdg/doris/ldb_toolchain/include/c++/11/functional:420 #22 0x55b72dd2100b in void std::_Bind<void (doris::ThreadPool::*(doris::ThreadPool*))()>::operator()<, void>() /home/disk6/palo/release/baidu/bdg/doris/ldb_toolchain/include/c++/11/functional:503 #23 0x55b72dd2100b in void std::__invoke_impl<void, std::_Bind<void (doris::ThreadPool::*(doris::ThreadPool*))()>&>(std::__invoke_other, std::_Bind<void (doris::ThreadPool::*(doris::ThreadPool*))()>&) /home/disk6/palo/release/baidu/bdg/doris/ldb_toolchain/include/c++/11/bits/invoke.h:61 #24 0x55b72dd2100b in std::enable_if<is_invocable_r_v<void, std::_Bind<void (doris::ThreadPool::*(doris::ThreadPool*))()>&>, void>::type std::__invoke_r<void, std::_Bind<void (doris::ThreadPool::*(doris::ThreadPool*))()>&>(std::_Bind<void (doris::ThreadPool::*(doris::ThreadPool*))()>&) /home/disk6/palo/release/baidu/bdg/doris/ldb_toolchain/include/c++/11/bits/invoke.h:111 #25 0x55b72dd2100b in std::_Function_handler<void (), std::_Bind<void (doris::ThreadPool::*(doris::ThreadPool*))()> >::_M_invoke(std::_Any_data const&) /home/disk6/palo/release/baidu/bdg/doris/ldb_toolchain/include/c++/11/bits/std_function.h:291 #26 0x55b72dcff548 in std::function<void ()>::operator()() const /home/disk6/palo/release/baidu/bdg/doris/ldb_toolchain/include/c++/11/bits/std_function.h:560 #27 0x55b72dcff548 in doris::Thread::supervise_thread(void*) /home/disk6/palo/release/baidu/bdg/doris/palo-1.1/be/src/util/thread.cpp:406 #28 0x7f6dfc2acea4 in start_thread (/lib64/libpthread.so.0+0x7ea4) Thread T122 (FragmentMgrThre) created by T0 here: #0 0x55b72c2d18e1 in pthread_create (/root/boxer2/running/686863224221601792/palobe/lib/palo_be+0x29568e1) #1 0x55b72dcf70ae in doris::Thread::start_thread(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::function<void ()> const&, unsigned long, scoped_refptr<doris::Thread>*) /home/disk6/palo/release/baidu/bdg/doris/palo-1.1/be/src/util/thread.cpp:360 #2 0x55b72dd0821d in doris::Status doris::Thread::create<void (doris::ThreadPool::*)(), doris::ThreadPool*>(std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > const&, void (doris::ThreadPool::* const&)(), doris::ThreadPool* const&, scoped_refptr<doris::Thread>*) /home/disk6/palo/release/baidu/bdg/doris/palo-1.1/be/src/util/thread.h:52 #3 0x55b72dd0821d in doris::ThreadPool::create_thread() /home/disk6/palo/release/baidu/bdg/doris/palo-1.1/be/src/util/threadpool.cpp:639 #4 0x55b72dd1cf8a in doris::ThreadPool::init() /home/disk6/palo/release/baidu/bdg/doris/palo-1.1/be/src/util/threadpool.cpp:285 #5 0x55b72dd1cf8a in doris::ThreadPoolBuilder::build(std::unique_ptr<doris::ThreadPool, std::default_delete<doris::ThreadPool> >*) const /home/disk6/palo/release/baidu/bdg/doris/palo-1.1/be/src/util/threadpool.cpp:79 #6 0x55b72d5eff3d in doris::FragmentMgr::FragmentMgr(doris::ExecEnv*) /home/disk6/palo/release/baidu/bdg/doris/palo-1.1/be/src/runtime/fragment_mgr.cpp:439 #7 0x55b72d516426 in doris::ExecEnv::_init(std::vector<doris::StorePath, std::allocator<doris::StorePath> > const&) /home/disk6/palo/release/baidu/bdg/doris/palo-1.1/be/src/runtime/exec_env_init.cpp:140 #8 0x55b72d519475 in doris::ExecEnv::init(doris::ExecEnv*, std::vector<doris::StorePath, std::allocator<doris::StorePath> > const&) /home/disk6/palo/release/baidu/bdg/doris/palo-1.1/be/src/runtime/exec_env_init.cpp:85 #9 0x55b72be0a927 in main /home/disk6/palo/release/baidu/bdg/doris/palo-1.1/be/src/service/doris_main.cpp:383 #10 0x7f6dfc4e3554 in __libc_start_main (/lib64/libc.so.6+0x22554) SUMMARY: AddressSanitizer: stack-buffer-overflow (/root/boxer2/running/686863224221601792/palobe/lib/palo_be+0x2952396) in __interceptor_sigaltstack.part.0 Shadow bytes around the buggy address: 0x0fedd4d45080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x0fedd4d45090: 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 01 f2 00 00 0x0fedd4d450a0: 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 0x0fedd4d450b0: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 01 f2 0x0fedd4d450c0: 04 f2 04 f2 04 f2 04 f2 00 00 00 00 f2 f2 f2 f2 =>0x0fedd4d450d0:[01]f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 0x0fedd4d450e0: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 01 f2 f8 f2 0x0fedd4d450f0: 01 f2 04 f2 04 f2 00 00 f2 f2 00 00 f2 f2 00 00 0x0fedd4d45100: f2 f2 00 00 f2 f2 00 00 00 f2 f2 f2 f2 f2 00 00 0x0fedd4d45110: 00 00 f2 f2 f2 f2 00 00 00 00 f2 f2 f2 f2 00 00 0x0fedd4d45120: 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb Shadow gap: cc ``` ### What You Expected? not core ### How to Reproduce? _No response_ ### Anything Else? _No response_ ### Are you willing to submit PR? - [X] Yes I am willing to submit a PR! ### Code of Conduct - [X] I agree to follow this project's [Code of Conduct](https://www.apache.org/foundation/policies/conduct) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@doris.apache.org For additional commands, e-mail: commits-h...@doris.apache.org
